shoek
Posts: 2
Joined: Wed Dec 23, 2020 2:45 pm

Advice for how to avoid ARP poisoning leading to Duplicate Address

Wed Dec 23, 2020 2:54 pm

Newbie here... I have a RPi 4b running latest Raspbian OS and Pi-hole software. I have it configured to have a static IP using dhcpcd.conf method.

I have noticed that every few days the device's network connection goes offline. Looking at the logs, it appears that another device on my network (a Ring camera) is advertising itself via ARP as having the same IP as the RPi device. This causes DHCPCD to try to re-acquire the static IP, but it then gives up and shuts down the link.
The Ring camera eventually gives up the IP and gets one assigned by DHCP as expected. It may be doing this during some kind of upgrade process or whatnot, who knows.

Here are the logs:

Code: Select all

Dec 22 01:13:15 Raspberry-Pi dhcpcd[391]: eth0: hardware address 54:e0:19:08:fa:be claims 192.168.1.1
Dec 22 01:13:15 Raspberry-Pi dhcpcd[391]: eth0: hardware address 54:e0:19:08:fa:be claims 192.168.1.1
Dec 22 01:13:15 Raspberry-Pi dhcpcd[391]: eth0: 10 second defence failed for 192.168.1.1
Dec 22 01:13:16 Raspberry-Pi avahi-daemon[378]: Withdrawing address record for 192.168.1.1 on eth0.
Dec 22 01:13:16 Raspberry-Pi avahi-daemon[378]: Leaving mDNS multicast group on interface eth0.IPv4 with address 192.168.1.1.
Dec 22 01:13:16 Raspberry-Pi avahi-daemon[378]: Interface eth0.IPv4 no longer relevant for mDNS.
Dec 22 01:13:16 Raspberry-Pi dhcpcd[391]: eth0: deleting route to 192.168.0.0/23
Dec 22 01:13:16 Raspberry-Pi dhcpcd[391]: eth0: deleting default route via 192.168.0.1
Dec 22 01:13:16 Raspberry-Pi dhcpcd[391]: eth0: probing address 192.168.1.1/23
Dec 22 01:13:16 Raspberry-Pi dhcpcd[391]: eth0: hardware address 54:e0:19:08:fa:be claims 192.168.1.1
Dec 22 01:13:16 Raspberry-Pi dhcpcd[391]: eth0: DAD detected 192.168.1.1
192.168.1.1 is the IP of my RPi
54:e0:19:08:fa:be is the MAC of the Ring camera

I found this Reddit thread from another user that is having the same situation.
https://www.reddit.com/r/Ring/comments/ ... context=3

I'm looking for any advice on how to configure the RPi to not be susceptible to this situation, which I understand is called "ARP poisoning".

Thanks in advance!

epoch1970
Posts: 6692
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Advice for how to avoid ARP poisoning leading to Duplicate Address

Wed Dec 23, 2020 3:37 pm

The solution is to fix the IP conflict.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

awesome_bob
Posts: 10
Joined: Fri Aug 07, 2020 7:09 pm

Re: Advice for how to avoid ARP poisoning leading to Duplicate Address

Sat May 01, 2021 1:40 pm

I am having a similar problem, so I posted this viewtopic.php?f=28&t=310619&p=1859182#p1859182, and I referenced your post.

I would REALLY like to get attention on this topic, so feel free to link to my post and/or repost anywhere you think might be helpful.

Thanks!

terribleted
Posts: 265
Joined: Tue Oct 06, 2020 8:07 pm

Re: Advice for how to avoid ARP poisoning leading to Duplicate Address

Sat May 01, 2021 2:06 pm

When setting a static IP address, it is important that you NOT assign one that will be handed out by your DHCP server.
for example, i have set up the DHCP on my router to assign only 192.168.0.100 through .150.
then i can use the IP addresses below 100 and above 150 for static things.... like my PI.

look at your configuration of your router, narrow the range of IPs that it hands out.
then put your PI in the unused space. (in my above example, i have my PI at .90)

setting up a static IP for your PI in the range of the DHCP addresses will eventually ensure a conflict.
i had a Trash-80 model 1 (circa 1980). upgrading from 4k to 16k of RAM, i thought "i'll never use this much RAM".
Now i have a computer with a million times that much memory. And i keep running out of it.
Not the computer....ME.

shoek
Posts: 2
Joined: Wed Dec 23, 2020 2:45 pm

Re: Advice for how to avoid ARP poisoning leading to Duplicate Address

Sat May 01, 2021 2:41 pm

awesome_bob wrote:
Sat May 01, 2021 1:40 pm
I am having a similar problem, so I posted this viewtopic.php?f=28&t=310619&p=1859182#p1859182, and I referenced your post.

I would REALLY like to get attention on this topic, so feel free to link to my post and/or repost anywhere you think might be helpful.

Thanks!
My initial solution was to move my Pi's static IP to something different than what the Ring camera was trying to steal via ARP poisoning. That worked, but a better solution was to disable dhcpcd on the Pi and set the static IP using the /etc/networking/interface method and associated service. It is an older approach, but still works and does what I need it to do for keeping a Pi's static IP. I believe I followed this article:
https://blog.erickduran.com/programming ... pberry-pi/
Last edited by shoek on Sat May 01, 2021 6:16 pm, edited 1 time in total.

drtechno
Posts: 261
Joined: Fri Apr 09, 2021 6:33 pm

Re: Advice for how to avoid ARP poisoning leading to Duplicate Address

Sat May 01, 2021 6:11 pm

dhcpcd.conf is part of a dhcp server, and you don't need to run one on a common network that has a router with a dhcp server built in. I don't see any reason why they installed that in the base build of the os image.

User avatar
B.Goode
Posts: 12259
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: Advice for how to avoid ARP poisoning leading to Duplicate Address

Sat May 01, 2021 7:38 pm

drtechno wrote:
Sat May 01, 2021 6:11 pm
dhcpcd.conf is part of a dhcp server, and you don't need to run one on a common network that has a router with a dhcp server built in. I don't see any reason why they installed that in the base build of the os image.


"dhcpcd.conf is part of a dhcp server,"


I believe you might be mistaken in that assertion.

Ref: https://roy.marples.name/projects/dhcpcd/
Welcome to the project page for dhcpcd, a DHCP and DHCPv6 client.

Return to “Troubleshooting”